You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by gi...@git.apache.org on 2017/09/27 10:23:03 UTC

[GitHub] ricellis opened a new issue #63: Increase the minimum engine version

ricellis opened a new issue #63: Increase the minimum engine version
URL: https://github.com/apache/couchdb-nano/issues/63
 
 
   The current minimum engine version for Nano is [Node 0.12](https://github.com/apache/couchdb-nano/blob/master/package.json#L48). That version is EOL and no longer supported, the oldest LTS stream is the 4.x, although that is only going to be maintained until April 2018 [[1]].
   
   [1]: https://github.com/nodejs/Release#release-schedule1 "Node release schedule"
   
   It also appears that #45 stopped testing Nano on older versions and made 4.x the minimum tested version.
   
   As a result I think it makes sense to increase the minimum engine version to at least 4.
   
   ## Context
   As seen by #62 some of Nano's dependencies [(e.g. requests) already specify an engine `>=4`](https://github.com/request/request/blob/master/package.json#L21) and an in-range update of that dependency caused a break for people running nodejs-cloudant and/or Nano on Node 0.12. The changes in #62 will prevent that break, but will also stop further minor version updates of `request` which may well be needed for vulnerability fixes etc in future (there have been some in Hawk in the past) so I think the change to pin request version can only be a stop-gap.
   
   ## Expected Behavior
   The minimum engine version of Nano should be equal to the greatest minimum engine version of any of the dependencies and should match the oldest tested version.
   
   ## Current Behavior
   The engine version is an EOL, un-maintained version of Node.js (0.12).
   
   ## Possible Solution
   * Update the engine version to >=4, or maybe even >=6 since that will be the oldest maintained LTS in April 2018.
   * Re-enable minor version updates of the `request dependency.
   * I'm not 100% clear from the NPM documentation, but it might be worth considering adding the `config: {engine-strict: true}` flag to the `package.json` to by default prevent installing on unsupported engine versions.
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services